The 2012 Eurobarometer poll on cyber
security found that 18% of EU internet users are less likely to buy goods online and 15% less
likely to use online banking because of these cyber security concerns.

According to the public consultation on NIS, 56.8% of respondents had experienced
NIS incidents over the past year with a serious effect on their activities.

Eurostat
figures show that by January 2012, only 26% of enterprises in the EU had a formally defined ICT
security policy.

The European Commission (EC) has published a cyber security strategy alongside a proposed
directive on network and information security (NIS), with mixed reaction from the IT
industry.

The cyber security strategy for an “open, safe and secure cyberspace” represents
the European Union's (EU) vision on how best to prevent and respond to cyber
disruptions and attacks.

The aim of the strategy is to promote European values of freedom and democracy and
ensure the digital economy can safely grow, according to the EC.

The announcements are in response to the increasing frequency and magnitude of
cyber incidents that can threaten safety and cause major damage to the economy.

The EC said previous efforts to deal with this problem have been too fragmented,
and that efforts to prevent, cooperate and be more transparent about cyber incidents must
improve.

Ensuring a secure internet

According to the EC, the EU international cyber space policy promotes the respect
of EU core values, defines norms for responsible behaviour, and advocates the application of
existing international laws in cyber space.

The policy is also aimed at assisting countries outside the EU with cyber security
capacity-building and promoting international cooperation in cyber issues.

The EC said the proposed NIS directive is a key component of the overall strategy
and will require all member states, key internet enablers and critical infrastructure operators to
ensure a secure digital environment.

This includes providers of e-commerce platforms, internet payment systems, cloud
computing, search engines and social networks, as well as operators of critical infrastructures in
the energy, transport, banking and healthcare sectors.

These organisations are required to adopt risk management practices and report
major security incidents on their core services.

The proposed directive requires member states to adopt a NIS strategy and designate
a national NIS competent authority with adequate financial and human resources to prevent, handle
and respond to NIS risks and incidents.

Member states are also required to set up a mechanism for cooperation with each
other and the EC to share early warnings on risks and incidents through a secure
infrastructure.

Neelie Kroes, EC vice-president for the Digital Agenda, said the more people rely
on the internet, the more they rely on it to be secure.

“A secure internet protects our freedoms and rights and our ability to do business.
It is time to take coordinated action – the cost of not acting is much higher than the cost of
acting,” she said.

Catherine Ashton, high representative of the Union for Foreign Affairs and Security
Policy and vice-president of the EC, said that for cyberspace to remain open and free, the same
norms, principles and values that the EU upholds offline should also apply online.

“Fundamental rights, democracy and the rule of law need to be protected in cyber
space. The EU works with its international partners as well as civil society and the private sector
to promote these rights globally,” she said.

“Many EU countries are lacking the necessary tools to track down and fight online
organised crime. All member states should set up effective national cyber crime units that can
benefit from the expertise and the support of the European Cybercrime Centre EC3,” she said.

Stewart Room, partner at Field Fisher Waterhouse, said the new EU cyber security directive
represents a real paradigm shift in the legal framework for network, communications and data
security.

“For the first time all key players within the EU economy will be subject to a comprehensive
legal obligation to be secure and to come clean about security failures,” he said.

According to Room, the directive provides a new understanding of what are critical European
infrastructures, which will bring into scope huge parts of the internet as well as major utility
organisations and financial services that cannot operate properly without secure networks and
communications.

In the run-up to the publication of the strategy and proposed directive, IT
industry representatives have expressed concern about the requirement for providers of critical
infrastructures to report major security incidents on their core services.

Legal obligations raise concerns

Some sources in the IT industry have raised concerns particularly about how the new
incident reporting obligations will work for industries such as financial services, which are
already answerable to industry regulators concerning cyber incidents.

This raises several questions, they said, such as what would take precedence – the
EU directive or industry-specific regulations?

Ronnlund said the aim is not to overburden organisations with data breach disclosure
obligations, but to promote a risk management approach to cyber security and ensure that incidents
potentially faced by other European organisations are reported to get cooperation working
smoothly.

Positive step to tackling the global security challenge

Not all reaction from the IT sector has been negative, however. IT services firm Huawei welcomed
the EU proposals to step up cyber security across Europe.

Leo Sun, president of Huawei’s European Public Affairs and Communications Office, said cyber
threats do not stop at national borders, and neither can efforts to protect networks and
systems.

“At Huawei, we believe an international approach in which all stakeholders take their fair share
of responsibility is a prerequisite to tackling this global challenge,” he said.

John Suffolk, Huawei’s global security officer and former UK government CIO, said the EC strategy
comes at a crucial moment.

“The strategy provides the public and private sectors with the tools they need to move beyond
debating the problem and take concrete steps to tackle security issues,” he said.

HP also welcomed the EC cyber security strategy.

“Forward-looking technologies offer tremendous potential for economic growth in Europe, with
cloud computing alone expected to boost the European economy by €1tn by 2020, however a lack of
confidence in internet security due to the alarming number of costly attacks is blocking widespread
adoption,” said Richard Archdeacon, head of security strategy at HP.
